Dovecot

Dovecot
allows users to log in and check their email using POP3 and IMAP. In
this section, configure Dovecot to force users to use SSL when they
connect so that their passwords are never sent to the server in plain
text.

# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration# "doveconf -n" command gives a clean output of the changed settings. Use it# instead of copy&pasting files when posting to the Dovecot mailing list.# '#' character and everything after it is treated as comments. Extra spaces# and tabs are ignored. If you want to use either of these explicitly, put the# value inside quotes, eg.: key = "# char and trailing whitespace "# Default values are shown for each setting, it's not required to uncomment# those. These are exceptions to this though: No sections (e.g. namespace {})# or plugin settings are added by default, they're listed only as examples.# Paths are also just examples with the real defaults being based on configure# options. The paths listed here are for configure --prefix=/usr# --sysconfdir=/etc --localstatedir=/var# Enable installed protocols!include_try /usr/share/dovecot/protocols.d/*.protocolprotocols = imap pop3 lmtp# A comma separated list of IPs or hosts where to listen in for connections.# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.# If you want to specify non-default ports or anything more complex,# edit conf.d/master.conf.#listen = *, ::# Base directory where to store runtime data.#base_dir = /var/run/dovecot/# Name of this instance. Used to prefix all Dovecot processes in ps output.#instance_name = dovecot# Greeting message for clients.#login_greeting = Dovecot ready.# Space separated list of trusted network ranges. Connections from these# IPs are allowed to override their IP addresses and ports (for logging and# for authentication checks). disable_plaintext_auth is also ignored for# these networks. Typically you'd specify the IMAP proxy servers here.#login_trusted_networks =# Sepace separated list of login access check sockets (e.g. tcpwrap)#login_access_sockets =# Show more verbose process titles (in ps). Currently shows user name and# IP address. Useful for seeing who are actually using the IMAP processes# (eg. shared mailboxes or if same uid is used for multiple accounts).#verbose_proctitle = no# Should all processes be killed when Dovecot master process shuts down.# Setting this to "no" means that Dovecot can be upgraded without# forcing existing client connections to close (although that could also be# a problem if the upgrade is e.g. because of a security fix).#shutdown_clients = yes# If non-zero, run mail commands via this many connections to doveadm server,# instead of running them directly in the same process.#doveadm_worker_count = 0# UNIX socket or host:port used for connecting to doveadm server#doveadm_socket_path = doveadm-server# Space separated list of environment variables that are preserved on Dovecot# startup and passed down to all of its child processes. You can also give# key=value pairs to always set specific settings.#import_environment = TZ#### Dictionary server settings### Dictionary can be used to store key=value lists. This is used by several# plugins. The dictionary can be accessed either directly or though a# dictionary server. The following dict block maps dictionary names to URIs# when the server is used. These can then be referenced using URIs in format# "proxy::<name>".dict {#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext}# Most of the actual configuration gets included below. The filenames are# first sorted by their ASCII value and parsed in that order. The 00-prefixes# in filenames are intended to make it easier to understand the ordering.!include conf.d/*.conf# A config file can also tried to be included without giving an error if# it's not found:!include_try local.conf

service auth {# auth_socket_path points to this userdb socket by default. It's typically# used by dovecot-lda, doveadm, possibly imap process, etc. Its default# permissions make it readable only by root, but you may need to relax these# permissions. Users that have access to this socket are able to get a list# of all usernames and get results of everyone's userdb lookups.unix_listener /var/spool/postfix/private/auth {mode = 0666user = postfixgroup = postfix}unix_listener auth-userdb {mode = 0600user = vmail#group =}# Postfix smtp-auth#unix_listener /var/spool/postfix/private/auth {# mode = 0666#}# Auth process is run as this user.user = dovecot}